On 2017-02-13 23:38, ek...@svn.reactos.org wrote: > + _SEH2_TRY > + { > + Relations = RelationsData->Relations; > + BufferSize = RelationsData->BufferSize; > + Buffer = RelationsData->Buffer; > + > + ProbeForWrite(RelationsData->Buffer, > + RelationsData->BufferSize, > + sizeof(CHAR)); > + }
You need to use the local 'Buffer' and 'BufferSize' variables in the probe or you get a race condition. > + Status = IopInitiatePnpIrp(DeviceObject, > + &IoStatusBlock, > + IRP_MN_QUERY_DEVICE_RELATIONS, > + &Stack); > + if (!NT_SUCCESS(Status) || Status == STATUS_PENDING) > + { > + DPRINT1("IopInitiatePnpIrp() failed (Status 0x%08lx)\n", Status); > + goto done; > + } Failing on STATUS_PENDING seems broken. IoStatusBlock will go out of scope and the DeviceRelations set by the driver will be leaked. > + if (RequiredSize > 0) > + RequiredSize += sizeof(WCHAR); Not sure I understand the >0 condition. Best, Thomas
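Review bot: in the _SEH2_TRY block, ProbeForWrite validates RelationsData->Buffer and RelationsData->BufferSize, which are read through RelationsData a second time after the same fields were already captured into Buffer and BufferSize, so the pointer and length that get probed are not guaranteed to be the ones used afterwards. Probe the captured copies instead, ProbeForWrite(Buffer, BufferSize, sizeof(CHAR)), and use only the locals from that point on.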
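Review bot: the check "if (!NT_SUCCESS(Status) || Status == STATUS_PENDING)" after IopInitiatePnpIrp sends STATUS_PENDING down the failure path, logs it as "failed" and jumps to done while the request may still be outstanding, so whatever is reported through IoStatusBlock afterwards is never picked up or released. Either wait for the request to complete before reading the result, or, if IopInitiatePnpIrp can never return STATUS_PENDING, drop the comparison and say so in a comment.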
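Review bot: the "if (RequiredSize > 0)" guard in front of "RequiredSize += sizeof(WCHAR);" has no comment explaining why the extra WCHAR is skipped when the size is zero. If the extra character is a terminator for the returned data, say so in a comment and state what a caller should expect for an empty result (a reported size of 0 rather than sizeof(WCHAR)), or add it unconditionally.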